How do we use Microsoft products to protect our cloud users from attacks

-


There are a few cases out there, where businesses and government entities has been attacked, and in the media it looks like there has been some super sophisticated attack and that it was impossible to defend against, and as many of us know that usually isn’t true. There have been weaknesses, and someone has found out about them. 

And yes, there are cases where companies that have had good security solutions have been compromized anyway, but many times, we see a surprising lack of security out there, many of which are cases where they think “So far so good. We don’t need more security.” The fact that they have been hacked doesn’t prove them wrong, because we need to admit that just about everyone can be hacked. But in many cases the attacks could have been prevented. This blog won’t give you more than an overview of some of the features I think you should look more at when you have moved to Microsoft 365. I will also note that some of these will require a higher license, and therefore more cost.   


 

There is not one single system that can protect you

If anyone is trying to sell you a solution that will be all you need, I think we can safely say: That sounds way to good to be true. When we set up security solutions for a company, we use several things that together provide pretty good security. Some of the solutions we use are listed below:

What's the score?

Microsoft uses Secure Score to "gamify" your security. Using Secure Score is a great way to gain insight into your current status, and it will also guide you through your improvement options. Read more about this here: Microsoft Secure Score

Password

A funny thing is how some “security specialists” talk to the media about passwords, as if that is the most important thing in the world. It is usually the same guys that says things like: We can't secure everything etc. At the same time a few big security companies say: The password is dead. A password should never be the only thing keeping attackers at bay.

Windows Hello

Speaking of passwords and their death, Windows Hello can make life a lot easier for our users. Using facial unlock or biometric security can make logging in, an easy and time saving experience. A guide can be found here: Set up windows hello on your pc.


 

Microsoft Defender Advanced Threat Protection

Using MD ATP, brings the power of the cloud to our computers. We have a great antivirus, with protection gained from the machine learning of Azure, and all other users of Azure. Say a user is compromised, using MD ATP. This will set into motion a lot of things in the background, and protection to all other users can be rolled out in minutes. The bad rabbit attack (crypto virus) is a great example of how something that could have been huge, was stopped in minutes for all users with MD ATP. We can also note that Defender ATP is also available for Mac. More info can be found here: Microsoft Defender Advanced Threat Protection

MFA – Multi Factor Authentication

Yes, we know. The extra security can be a hassle. We don’t like to have to type in our password even, so what happens if we put in extra factors? Users become annoyed, and we don’t want that. We want to give them a good platform, that makes their job easy, and we don’t want to put in a lot of obstacles. So we set up MFA, but maybe we turn that off for users that are in the office. We set up the proper trusted IP’s and say that if you are on that range, you don’t need MFA. Good plan, right? Not really. This makes it pretty easy for an attacker that has gained access to our network to hack into our accounts. Much better to say that you always need to use MFA, but when you have put in MFA details on your computer, you can check a check box, saying that you don’t need to do that again for a few weeks. This means a hacker would have to gain access to that specific computer, and the credentials for that specific computer to be able to abuse this. And for this we have other security features. More info can be found here: Set up multi-factor authentication

Protect our e-mail accounts with Office 365 Advanced Threat Protection

Office 365 ATP can help prevent attacks by protecting us against phishing campaigns, setting up safe links/safe attachments and much more. I have seen Office 365 ATP keep customers safe as they have been targeted by big campaigns. As with all other security products we need to set this up and not just use it as it comes out of the box. Read more here: Office 365 Advanced Threat Protection

Device management - Intune

If we want to protect our devices, we need to have some sort of management. For me, this will often be Intune, or even the device management included in Office 365. This gives us a lot of control of devices, and how they are used, and also allows us to be able to wipe a missing device, and thus remove the info that could be useful for a hacker. You can more info here: Microsoft Intune is an MDM and MAM provider for your devices

Screenshot from: docs.microsoft.com
 

Protect our identities with Azure Identity Protection

How awesome would it be to have a system that monitored all things that happened to our accounts? Suspicious behavior, someone logging on from a unusual location, putting in wrong details, from an unmanaged device etc. etc. And imagine if this system could even automate remediation of risks against your identities? And we do have a system like that. We have Identity Protection. You can find more about this here: What is Identity Protection?

MCAS – Microsoft Cloud App Security

Building on the previous point, we need a place where we can gather security info into a view where we can see things more clearly. Also we can set up app based conditional access, flows for logging, and actions taken when certain events occur, control Shadow IT, help label and encrypt sensitive data and much, much more. Most of our customers that start using MCAS, says it gives them huge improvements when it comes to insights into their cloud organization. Read more here: Microsoft Cloud App Security overview

And

Many other features that we will look at in this blog. And remember, even though they are right, those people who say: You can't be 100% secure, you can have pretty good security, and you can have it without your users hating you. You can read more about Microsoft Security here: https://www.microsoft.com/en-us/security/business

Comments

Post a Comment

Popular posts from this blog

Do not Forward and the protection of attachments

-
Image
Maybe I am the only one who has misunderstood this, but if not, this may be useful for you. I've been wrong about this for a while, and since it is not a feature we have used, I didn't really look into it until today. I always thought that using Do not Forward in a label would make sure attachments where given the same DNF rights.  Unfortunately I was shown the error of my ways by one of my customers today, when I answered (with some confidence) that, yes: Attachments get the same protection. He then replied that he was able to do all kinds of things with the attachment, and I started to look into it more closely. Microsoft has many great articles about protecting information, and this article is no exception. I guess you just have to read it carefully. They say:  “When the Do Not Forward option is applied to an email, the email is encrypted and recipients must be authenticated. Then, the recipients cannot forward it, print it, or copy from it . For example, in the Outlook cli
Read more

Using Do not Forward or Encrypt Only as the results of a Sensitivity Label

-
Image
Do not Forward and Encrypt Only can be found in Outlook by default for all who uses Office 365 E3 or equivalent/higher. And as many know, they can also be used in a Sensitivity label. But what are the consequenses of using these, instead of creating our own encryption settings within the label? This is what we will be looking at today.  As many know, we can use these two in Outlook, as long as we have the proper license. They are well hidden away under Options, and can look a little like this:    EO and DNF in Outlook.  I've covered these in earlier blogposts , but lets just quickly go through them again here: " Encrypt/Encrypt-Only " option makes sure the email is encrypted and recipients must be authenticated, but then they have all usage rights except Save As, Export and Full Control (Basically means no restriction except that they cannot remove the protection). When the Do Not Forward option is applied to an email, the email is encrypted and recipients must be au
Read more